lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 22 Aug 2020 13:47:19 -0700
From:   Markus Mayer <mmayer@...adcom.com>
To:     Florian Fainelli <f.fainelli@...il.com>
Cc:     Krzysztof Kozlowski <krzk@...nel.org>,
        Colin Ian King <colin.king@...onical.com>,
        BCM Kernel Feedback <bcm-kernel-feedback-list@...adcom.com>,
        Linux ARM Kernel <linux-arm-kernel@...ts.infradead.org>,
        Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] memory: brcmstb_dpfe: fix array index out of bounds

On Sat, 22 Aug 2020 at 13:21, Florian Fainelli <f.fainelli@...il.com> wrote:
>
> On 8/22/2020 1:14 PM, Markus Mayer wrote:
> > On Sat, 22 Aug 2020 at 09:46, Krzysztof Kozlowski <krzk@...nel.org> wrote:
> >>
> >> On Sat, Aug 22, 2020 at 09:40:59AM -0700, Markus Mayer wrote:
> >>> On Sat, 22 Aug 2020 at 04:56, Krzysztof Kozlowski <krzk@...nel.org> wrote:
> >>>>
> >>>> On Fri, Aug 21, 2020 at 09:52:21AM -0700, Markus Mayer wrote:
> >>>>> We would overrun the error_text array if we hit a TIMEOUT condition,
> >>>>> because we were using the error code "ETIMEDOUT" (which is 110) as an
> >>>>> array index.
> >>>>>
> >>>>> We fix the problem by correcting the array index and by providing a
> >>>>> function to retrieve error messages rather than accessing the array
> >>>>> directly. The function includes a bounds check that prevents the array
> >>>>> from being overrun.
> >>>>>
> >>>>> This patch was prepared in response to
> >>>>>      https://lkml.org/lkml/2020/8/18/505.
> >>>>>
> >>>>> Signed-off-by: Markus Mayer <mmayer@...adcom.com>
> >>>>
> >>>> Your Signed-off-by does not match From field. Please run
> >>>> scripts/checkpatch on every patch you send.
> >>>>
> >>>> I fixed it up, assuming markus.mayer@...adcom.com is the valid email
> >>>> address.
> >>>
> >>> No. I have always been using mmayer@...adcom.com since it is shorter.
> >>> That's also what's in the MAINTAINERS file. Please change it back. I
> >>> accidentally used the long form for one of my e-mail replies which is
> >>> where the confusion must have originated.
> >>
> >> I'll drop the patch then. You need to resend with SoB matching email.
> >
> > Oh, I am starting to see what's happening here. This is new and
> > apparently due to some changes with the mail server setup on our end.
> >
> > I have this in my patch file:
> >
> > $ head 0001-memory-brcmstb_dpfe-fix-array-index-out-of-bounds.patch
> >  From 6b424772d4c84fa56474b2522d0d3ed6b2b2b360 Mon Sep 17 00:00:00 2001
> > From: Markus Mayer <mmayer@...adcom.com>
> > Date: Fri, 21 Aug 2020 08:56:52 -0700
> >
> > Sending patches like this used to work. Clearly our SMTP server has
> > now taken it upon itself to rewrite the sender e-mail address. I
> > wasn't expecting that. Let me look into it. Sorry for the hassle. It
> > was not intentional.
>
> Yes, if you used to use the SMTP relay server which did not require
> authentication for internal hosts, and now you use smtp.gmail.com with
> your broadcom.com username, the SMTP server will rewrite the From: to
> match the username used to authenticate with the server.

Actually, it was the other way around. Connecting to smtp.gmail.com
does allow the "From:" header to be customized. The envelope sender,
i.e. the "From " line at the very beginning of the e-mail, might still
get rewritten, but that's okay since the "From:" header is left alone.
The internal SMTP server, however, which does not require
authentication, unexpectedly rewrites the "From:" header in the middle
of the e-mail header.

Got it set up now in a way that should work. At least it did in my
test. I'll send out v3 of the patch momentarily, and then we'll know
for sure.

Regards,
-Markus

Powered by blists - more mailing lists